Open Issues Need Help
View All on GitHubAI Summary: The Change Password screen displays contradictory password length requirements. The helper text indicates a minimum of 8 characters, while the validation error message states a minimum of 12 characters. This inconsistency can confuse users and needs to be resolved to display a single, clear password policy.
AI Summary: This issue highlights the absence of a real-time password strength indicator during the password change process. Users are currently only notified of validation errors after submission, leading to frustration and a less intuitive user experience. The expected behavior is to provide immediate visual feedback on password strength as the user types.
AI Summary: The user creation form in the PGO Web application incorrectly prompts for manual password entry. After a user is created, the system sends a temporary password via SMS, making the manually entered password irrelevant and causing confusion. The recommended solution is to remove the password fields from the form and rely solely on the system-generated temporary password.
AI Summary: This issue reports that the "Forgot your password?" link is poorly placed inline with the password field label on the login screen, making it less discoverable. The expected result is for the link to be positioned more prominently below the password input field for better visibility.
AI Summary: This issue highlights a critical missing feature in the User Management module: the ability to deactivate (lock) and activate (unlock) user accounts. Without this functionality, user access cannot be controlled, posing a security risk and preventing proper validation of inactive user login attempts.
AI Summary: The login system currently provides distinct error messages for non-existent usernames versus incorrect passwords, creating a username enumeration vulnerability. This allows attackers to identify valid user accounts, which can then be targeted for brute-force attacks or credential stuffing. The fix involves returning a single, generic error message for both scenarios to obscure account existence.